The Taiwan FSC Amended the Regulations Governing Public Disclosure of Information by Life Insurance Enterprises and Non-life Insurance Enterprises to Enhance Sustainable Development and Cybersecurity Administration

August 2022

Teresa Huang and Doris Hsu

To promote the Corporate Governance 3.0 – Sustainable Development Roadmap of Taiwan and align with the international ESG (Environmental, Social, and Governance) trends, the Financial Supervisory Commission (hereinafter, the “FSC”) amended the Regulations Governing Information to be Published in Annual Reports of Public Companies (hereinafter, the “Regulations”) on November 30, 2021.  After the amendment of the Regulations, the FSC also amended the Regulations Governing Public Disclosure of Information by Life Insurance Enterprises and the Regulations Governing Public Disclosure of Information by Non-life Insurance Enterprises on May 25, 2022 to carry out the ESG concept in the insurance industry.  The amendments contain the following three highlights:

1. Required specific disclosure of the board diversity policy by an insurance enterprise

Article 10 of the Regulations points out that a corporate governance report shall disclose the expertise of the directors and the diversity policy and independence of the board of directors.  The FSC also added the requirement that the insurance industry should specifically disclose the board diversity policy and state the specific objectives of the company and the achievement status of such policy in the filing form, so as to promote the sound development of the composition and structure of an insurance company’s board of directors.  (Article 8, Paragraph 1, Subparagraph 3 of the Regulations Governing Public Disclosure of Information by Life Insurance Enterprises, and Article 8, Paragraph 1, Subparagraph 3 of the Regulations Governing Public Disclosure of Information by Non-life Insurance Enterprises)

2. Required disclosure of the cybersecurity risk management structure, policy, concrete management arrangements, and the committed resources by an insurance enterprise

According to Articles 18 and 20 of the Regulations, public companies should disclose the cybersecurity risk management structure, policies, specific management plans, and the resources committed.  The FSC has also added the above-mentioned requirements to the regulations governing public disclosure of information by insurance enterprises, requiring the insurance industry to specifically disclose information such as the total number of staff dedicated to cybersecurity risk management or the number and focus of relevant meetings held.  In addition, the losses, possible impacts, and coping measures of major cybersecurity incidents that occurred in the most recent years should also be disclosed.  If the losses cannot be reasonably estimated, the fact that they cannot be reasonably estimated shall be stated.  (Article 8, Paragraph 1, Subparagraph 20 of the Regulations Governing Public Disclosure of Information by Life Insurance Enterprises, and Article 8, Paragraph 1, Subparagraph 20 of the Regulations Governing Public Disclosure of Information by Non-life Insurance Enterprises)

3. Change of “socially responsible” to “sustainable development”

To strengthen the promotion of sustainable development by the insurance industry, the status of an insurance enterprise’s fulfillment of corporate social responsibility is changed to the status of an insurance enterprise’s promotion of sustainable development.  (Article 8, Paragraph 1, Subparagraph 15 of the Regulations Governing Public Disclosure of Information by Life Insurance Enterprises, and Article 8, Paragraph 1, Subparagraph 15 of the Regulations Governing Public Disclosure of Information by Non-life Insurance Enterprises)